In my post yesterday (vexpert.me/hS) I talked about how to recover from an expired default SSO administrator password ā this prompted a discussion on twitter with Anthony Spiteri (@anthonyspiteri) and Grant Orchard (@grantorchard) about the defaults for expiration and how to mitigate the risk.
The first solution is to modify the password expiration policy for SSO. Iām not advocating this necessarily ā I think that expiring passwords ensure that you change them regularly and increase the overall security of your SSO solution.